WHITEPAPERS
A Beginner’s Guide to IoT Product Compliance
Prepare for your IoT products to meet regulatory compliance standards before launch.
Author: Adam Drewery
Embedded/Electrical Engineer
Adam works with clients to build hardware-powered solutions. Adam’s highly motivated by the feeling of accomplishment when he gets something working correctly for the first time — even something as simple as getting an LED light to blink on a new set of hardware.
The information that follows does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available are for general informational purposes only. Readers of this document should contact their attorney to obtain advice with respect to any particular legal matter.
Getting your IoT products certified without a hitch means following proper procedure.
But as anyone who’s researched compliance standards can attest, there’s a surprising lack of resources aimed at helping the average person — someone without a law degree — understand what’s required to get their products certified.
And as some organizations have learned the hard way, not following procedure can have pretty serious consequences, from impacting time to market, to legal and financial ramifications.
With so much on the line, it’s time someone explained in plain language what matters, and what doesn’t, when it comes to IoT product compliance.
To that end, we’ve compiled a high-level overview of the major regulators and related certifications that you should know before embarking on certification — whether you’re an electrical engineer or a business leader.
(This guide focuses primarily on standards in the United States and Canada, with some mention of European regulations).
Why Product Certification Matters for IoT
Before marketing or selling any device that emits RF energy, the FCC rule 47 CFR 2.803 requires that the product is “properly authorized, labeled, and furnished with the proper user information disclosures.”
Missing just one of these crucial requirements could result in penalties totaling more than $150K per violation. If that’s not enough, consider the costs associated with production delays, pulling products, and rushing them through certification.
It happens more often than you’d think. Let’s walk through a hypothetical product launch to explore what a situation like this might look like.
A Tale of Non-Compliance
Let’s say your company’s done all the market research, completed the entire product design lifecycle, gone through the painstaking process of getting through production, and your first models are out in the field.
As you’re planning your next production run, you get a call from an electrical inspector asking for the results of your compliance tests—and, more importantly, why the appropriate markings aren’t displayed on the product.
As it turns out, a competitor reported your product as unsafe because their version of the product hasn’t launched yet.
If you’ve considered and performed compliance testing, the path out of this jam is much more straightforward. If you haven’t, you now have to halt production until you complete the appropriate testing and file any associated paperwork.
With this product serving as one of your key revenue streams, you can’t afford to halt production, so you do whatever you can to get your compliance testing completed as quickly as possible. Typically, this means shelling out a lot more than you budgeted for, only to realize that because you didn’t test the product earlier, you failed the compliance testing.
At this point, you might have to perform a lengthy diagnostic investigation to fix some spurious emissions. Worse, you might have to address that one weird failure that you can only seem to reproduce if you’re standing on one leg during an eclipse.
You’ll then have to pay to either rework or remake the product to meet compliance standards. You’ll also have to re-test the product and hope another component doesn’t start failing.
Add these difficulties together and the cost of neglecting compliance now totals hundreds of thousands of dollars, not including whatever fines the FCC deems necessary.
The Bottom Line
While this story describes a worst-case scenario, there are other negative outcomes associated with neglecting compliance. For example, distributors may not carry your product without UL and FCC markings, which limits your distribution network.
Most importantly, there’s the safety of your consumers. You may believe your product is safe, but testing for certifications can reveal things you may not have considered, protecting both your customers and your business.
To avoid finding yourself in this trap, keep certifications in mind at the beginning of the product development cycle.
An Overview of the Major Regulators and Standards
Different regulatory rules and standards apply depending on where you plan to manufacture and sell your product. We’ll focus primarily on regulations in the United States, Canada, and to a lesser extent, Europe.
International Electrotechnical Commission (IEC) Certification
The IEC is an international organization that prepares and publishes “international standards for all electrical, electronic and related technologies.”
The United States, Europe, and Canada largely base their own national certification standards on those developed by the IEC, so you can think of it as the overarching regulatory body. The IEC has multiple committees and subcommittees which regulate different kinds of products and technologies.
Comité International Spécial des Perturbations Radioélectriques (CISPR) Certification
In English, the Comité International Spécial des Perturbations Radioélectriques means International Special Committee on Radio Interference—also known as CISPR.
As an IEC committee, CISPR defines the specific set of tests a company needs to complete to comply with a certain standard. CISPR also provides all the need-to-know details, including how to do the tests and how often.
In North America and Japan, CISPR-22 (known as EN-5022 in Europe) is the most relevant standard for information technology devices (e.g. printers, computers, single word computers, etc.), and regulates radiofrequency (RF) emissions and electromagnetic compliance (EMC).
Federal Communications Commission (FCC) Certification
FCC testing is the most relevant to products developed and sold in the United States. The FCC approval process mostly focuses on two things:
- Determining whether your product is emitting RF energy outside of your allowed limits
- Prohibiting interference with other devices and systems
For most electronic equipment, FCC Part 15 standards apply, with devices divided into Class A (industrial, non-residential products) and Class B (consumer, residential products).
Underwriters Laboratories (UL) Certification
As a global organization based in the United States, UL sets standards for products ranging from mobile phones to plastic materials.
While many of the regulations from organizations like the FCC and CISPR focus on limiting RF emissions, UL regulations center on product safety concerns, such as preventing electrical fires.
The UL safety standard currently used in the United States is UL 62368 (for Audio/Video, Information & Communication Technology Equipment).
Industry Canada (IC) Certification
As the Canadian counterpart to the FCC, IC shares the same regulatory focus (limiting RF emissions) and similar certification procedures.
This can make the process easier if you need certifications from both agencies, but you’ll still need to pay separate application fees to each — and if your manufacturer isn’t located in Canada, you’ll need an in-country representative.
Conformité Européenne (CE) Certification
Conformité Européenne is French for European Conformity, and it’s the universal standard for health, safety, and environmental regulatory compliance within the European Economic Area (EEA).
Nearly every kind of product you could manufacture must have a CE marking and corresponding Declaration of Conformity (DoC) in the EEA, from toys to water boilers, so this will most likely apply if you plan to market, manufacture, or sell there.
To get the official CE mark on your product, you’ll need to:
- Identify the specific EU regulations that apply to your product
- Complete your own conformity assessment
- Create a technical file
Finally, you’ll need to create a Declaration of Conformity, a signed document confirming that your product complies with CE regulations. The regulations that apply to your product will determine what’s required in your declaration.
In Europe, the Declaration of Conformity is a legally binding document placing all liability on you as the manufacturer. If an agency deems your product non-compliant, it will be your responsibility to address and remedy any issues.
PTCRB Certification
Previously known as PCS Type Certification Review Board, PTCRB is a certification organization that ensures your product works well with carriers like AT&T and T-Mobile.
Verizon has its own carrier test you’ll need to perform to fine-tune compatibility with your product.
GCF Certification
As its name suggests, the Global Certification Forum is a global certifying agency with worldwide recognition. The organization focuses on mobile and IoT certification programs.
You’ll need an annual membership with GCF to receive certification. Members of GCF fall into three categories: operators, manufacturers, and observers.
Operators are typically carriers, manufacturers are those who either manufacture directly or put a product on the marketplace through a third party, and observer memberships exist for anyone with an interest in cellular technology.
As a manufacturer, your product must pass compliance testing at one of their approved facilities to receive certification. The good news? Once certified, your product certification will remain valid even if you choose to discontinue your annual membership.
While a GCF certification may not provide testing for all carriers, obtaining one can still minimize the number of carrier-specific tests you’ll need to worry about given its international recognition. This can not only save money but also time to market.
Wi-Fi CERTIFIED™
The Wi-Fi Alliance champions the use of Wi-Fi technologies to solve a wide range of problems. More importantly, this network of companies sets the standards that help to ensure interoperability between different generations of Wi-Fi devices.
To become Wi-Fi CERTIFIED, a product must undergo rigorous testing through one of three certification tracks (FlexTrack, Track, and Derivative) to ensure it meets standards.
In most industrial applications, the Wi-Fi module itself has been through this testing. In consumer markets, most components are Wi-Fi CERTIFIED, so not obtaining this certification can be a competitive disadvantage.
Bluetooth Special Interest Group (SIG)
The Bluetooth SIG is similar to the Wi-Fi Alliance in championing the use of its technology.
Bluetooth SIG also maintains the Bluetooth standard. Much like the W-Fi certification, Bluetooth qualification testing ensures that a device will maintain interoperability with other devices.
The key difference: You’ll have to become a Bluetooth SIG member to receive the certification (luckily there’s a free membership tier).
In most situations, it makes the most sense to build around radios that currently possess a Bluetooth declaration ID, and then pay a one-time $9,600 declaration fee for your own product.
This legally allows you to use the Bluetooth logo. If you skip this step, your device may wind up held in customs.
Which Devices Need Certification?
We know that certification needs to happen. We know which regulators control different tests and standards. But what kinds of devices and products do these rules actually apply to?
Technology has evolved significantly in the past few decades and the same kinds of certification rules that would have applied to a camcorder in the 1980s can now apply to your mobile device.
Just think of all the functions a mobile device can perform: It’s a video recorder, a camera for still photos, a computer, a cellular phone, a navigation device, and a flashlight—among lots of other things.
Keep this in mind as you read through this list of devices you’ll need to certify. One product could apply to multiple categories, so it might make sense to modularize each component during the design process to make testing easier.
Different rules will apply depending on where you plan to manufacture and market your product.
Here’s a quick list of the types of devices that require certification:
- Any electronic product that operates at frequencies 9 kHz or higher (FCC & IC)
- Any product connecting to the alternating current (AC) power grid
- Most intentional radiators (including the majority of IoT devices)
- Cellular devices
- Bluetooth devices
- Wi-Fi devices
- ZigBee radios
- WLAN
- LoRA (Long Range)
RF Device Categories Governed by the FCC
There are five categories of RF devices governed by the FCC:
- Incidental radiators
- Unintentional radiators
- Intentional radiators
- Industrial, scientific, and medical equipment
- Equipment operating in licensed radio services
Each device type comes with its own set of standards and/or IoT product compliance tests. The complexity and amount of testing required will mostly depend on the type of RF device in question.
Incidental and Unintentional Radiators – Low Test Effort
Incidental radiators (like air conditioners) refer to electrical devices that aren’t designed to intentionally emit RF energy over 9kHz, but may produce byproducts of radio emissions over 9kHz.
Unintentional radiators (like alarm clocks) refer to electrical devices that intentionally generate RF energy for use within that device — or send RF signals by conduction to associated equipment — but aren’t designed to emit RF energy by radiation or induction.
In either case, these products can ultimately emit a fair amount of RF noise if not properly designed—and that’s why low-effort testing that generally takes less time is usually sufficient.
Intentional Radiators (Including Most IoT Devices) – Testing Effort Varies
In the IoT space, almost everything has a radio and qualifies as an intentional radiator. Testing is relatively easy if the product has a single pre-certified radio.
If the product contains more than one radio, however, things become a little more difficult, even with pre-certified modules — and particularly if it contains collocated transmitters.
This is only an issue if two (or more) antennas are within 20cm of one another, but this requirement is less stringent if you can guarantee the two radios will never transmit simultaneously. Lastly, you may be able to avoid entire sets of testing depending on the type of radio module within your device.
Industrial, Scientific, and Medical (ISM) Equipment – High Test Effort
At the other end of the spectrum, industrial, scientific, and medical (ISM) equipment and appliances typically require complex or high-effort testing.
According to the FCC, a product qualifies as ISM equipment if it meets these conditions:
- Generates and uses radio frequency energy in order to work
- Exists for industrial, scientific, medical, domestic, or similar purposes excluding telecommunication
“Domestic” or consumer ISM devices include products like microwave ovens, ultrasonic humidifiers, and jewelry cleaners.
Testing involves making sure these and professional ISM devices operate within the right frequency bands. The most commonly used spectrums are 902 – 928 MHz (LoRa), 2.4 GHz (Wi-Fi and Bluetooth), and 5 GHz (Wi-Fi).
Products within these spectrums are sometimes referred to as unlicensed transmitters: low-power devices (transmitting less than a single watt of power) that must frequency hop within their respective band.
Licensed Radio Services – High Test Effort
Licensed transmitters (like cellular technology) are usually the most complicated in terms of IoT product compliance testing. Licensed transmitters and ISM equipment are sometimes put on a pre-certified module later included during testing, but that’s not always the case. Most IoT devices don’t typically fall into this classification.
Device Classes
The product certification industry groups all RF devices into two classes: Class A and Class B.
- Class A: Devices intended for use in industrial or business applications
- Class B: Devices intended for use in residential or personal applications
Your product’s device class won’t have a major impact on required testing, but it does change the permitted energy levels in a few frequency bands. The device class will also impact some required language in product documentation and on labels.
Pre-Certified Components
There are four levels, so to speak, of pre-certified radios that are “put down” on a device: chipsets, modules, end-certified modules, and dev kits. Using pre-certified parts (like an end-certified cellular module) can help expedite or even avoid certain certification tests of your finished product.
But using a pre-certified device for your product doesn’t guarantee it will pass or even skip an IoT product compliance test — so you’ll want to choose pre-certified radios carefully.
When choosing the right solution for your product, ask yourself three things:
- What is my anticipated annual production volume?
- What is the cost of goods sold (COGS) target?
- How quickly does it need to get to market?
While actual certification requirements will be much more nuanced than the information provided below, it helps to have a general understanding of how these three questions ultimately will impact radio device selection:
(Note: The manufacturers and components listed below are examples, not endorsements).
Chipsets
- Chipsets require the selection of the integrated circuit (IC) itself along with all the required supporting circuitry.
- Qualcomm is perhaps the best-known cellular chipset manufacturer, while Texas Instruments’ CC series provides several chipsets for ISM applications.
Modules (often called pre-certified modules)
- Modules require a host circuit board to operate and contain an RF chipset along with other components.
- Modules may require an external RF connector, SIM card, and/or other minimal circuitry.
- Cellular module manufacturers include Telit, U-Blox, and Sierra Wireless, while Microchip provides several Wi-Fi and/or Bluetooth modules.
- As an intentional radiator, any end product using a pre-certified module must go through additional testing.
End-Certified Modules
- End-certified modules are typically plugged into a standard connector (like a USB connector) or soldered onto a host PCB.
- These modules add an external antenna/RF path (like an interface controller) to a product. In cellular devices, it’s known as a SIM card.
- If powered, end-certified modules can operate to a minimal degree.
- End-certified modules “inherit” the module certification.
- Companies like Digi have both cellular and ISM offerings, while Multitech and Nimbelink offer cellular end-certified modules.
- As an independently-approved intentional radiator, the end product must go through basic FCC and UL testing.
Dev Kits
- Dev kits are typically single board computers (SBCs) which include pre-certified RF communications natively on the board.
- Dev kits are typically plugged into a standard connector (like a USB connector).
- Dev kits are primarily suitable for prototype and proof-of-concept deployments.
Device Level | Starting EAU | COGS | Design Effort | Testing Required |
---|---|---|---|---|
Chipset | 50k+ | Lowest | 6 months + | 6 months + > $10,000 (ISM) > $100,000 (cellular) |
Module | 1k – 10k | Middle | < 6 months | 3 months + < $10,000 (ISM) > $10, 000 (cellular) |
End-Certified Module | 10 – 100 | High | < 3 months | < 1 month < $10,000 |
Dev Kit | Prototype | Highest | < 1 month | Not recommended |
Pre-Certified Components: The Bottom Line
Generally speaking, IoT product compliance testing for devices that use ISM technology will be fairly straightforward. End-products using a cellular connection may need carrier testing in addition to FCC and UL testing, particularly if the product doesn’t use an end-certified module.
For a module, the radio itself may have been certified, but your device is almost certainly using that module in a new configuration or in conjunction with another product that alters the radio’s performance. Using a different PCB material can also impact performance.
This is a key benefit of using an end-certified module: the fixed relationship between the various components means the PCB material won’t change. End-certified modules also typically include a controller that takes commands from the host processor to interface with the RF chipset.
Costs of Product Certification
While the price of completing product certification upfront is significantly lower than the cost of unforeseen lawsuits or halting production due to missing certifications, there are still costs to consider.
FCC Testing
FCC test fees range from $65 to just over $4K. Learn more about FCC testing pricing in the agency’s fee guide.
IC Testing Fee guide from agency listed here.
IC test fees range from $50 to just over $2200. Learn more about IC testing pricing in the agency’s fee guide.
UL Testing
Cost and time frames vary based on the type of product and scope of the assessment. You’ll need to contact the appropriate department for more information.
CE Testing
Costs for CE testing may vary since manufacturers can complete conformity tests without the agency.
PTCRB Testing
PTCRB testing is costly, ranging anywhere from $16K for data-only devices with one external antenna to up to $50K for more complex devices with an internal antenna and multiple bands. Consult with PTCRB-accredited labs for more information.
GCF Testing
The annual membership fee for 2022 ranges from $5,700 to $11,400 depending on the type of product you manufacture. Your subscription cost does not cover the cost of testing, but you’ll need a subscription to receive certification. Chat with a GCF-accredited test lab for more information.
Wi-Fi Testing
Like GCF, the Wi-FI Alliance requires an annual membership before an organization or manufacturer can receive product certification. A qualifying annual membership costs $20K and is pro-rated per quarter. Consult with an authorized test lab for more information.
Bluetooth Testing
Bluetooth SIG requires that anyone who licenses its technology completes the “Qualification and Declaration” process, which includes paying a Declaration fee in exchange for a Declaration ID. Check out the organization’s fee guide for more information.
The Process of Product Certification
The product certification process is lengthy, so don’t wait to begin. Start by making sure you understand upfront the regulations your product must meet, the documentation you’ll need to provide regulatory entities, and the activities you’ll likely have to complete.
Design
Design is usually the most fun part of developing a new product — and knowing the required regulations ahead of time can inform the best components to build your system with.
There are plenty of application notes available from a variety of manufacturers to help you understand (usually with a bit of a sales pitch) how to design to meet various regulations.
Once again, spending a little extra time in this stage can save significant time later.
Documentation
The documentation step is often skipped until the test lab asks you for something, and then you stand there with a blank look on your face as you try to understand what they’ve asked.
In most cases, the following documents should be ready to go before pursuing any kind of testing. Keep in mind that some of the documents may be public domain.
Make sure to work with your compliance consultant or test houses to ensure you understand which documents you’ll need to obtain versus public domain documents.
Block Diagram
A block diagram is a high-level document that outlines what makes up a product. It’s good to include things like processor clock speeds, communications bus clock speeds, any RF peripherals, and any physical ports that connect in-between sub-assemblies of the product or to the outside world.
Specifications
Specification documents detail the requirements of the product. Make sure to include things like input voltages, current ratings, approved peripherals, RF frequencies, and similar details here.
User’s Guide
User guides should contain instructions for installation, maintenance, and troubleshooting. They should also contain language specific to any relevant standards the product holds.
Schematics (Not Public)
Test houses need schematics to ensure they understand what they’re testing. Sometimes, you might think you’ve explained all of the relevant details to the test house, but ambiguities can stall progress if and when something unexpected comes up.
Labels
If the product is large enough for a label, it should contain the appropriate verbiage. If applicable, you should also include device IDs of pre-approved modules contained within the product. You’ll also need to place any appropriate logos in an “easily visible location.”
Pre-Compliance Testing
Pre-compliance testing can reduce the overall cost of product certification by making sure your device passes certification tests ahead of time.
While the product testing necessary for official certification almost always happens in an accredited lab, you can do your own product testing in a non-accredited lab first to verify that your product meets all the requirements.
If something is amiss, you can then course-correct without having to pay for a fully accredited lab to test your product multiple times. Many good pre-compliance test labs will also work with you on the design in order to meet requirements.
Re-Design
In an ideal world, no one needs the re-design process.
In the real world, things often break in unexpected ways — especially as you add more ports and peripherals to a product.
If you’ve come to this step from pre-compliance testing, then you will be appreciative that you will have a much better chance of passing the actual compliance tests. If you’ve come here from the actual compliance tests, then you’re probably pretty frustrated that you didn’t consider IoT product compliance from the start or perform pre-compliance testing.
IoT Product Compliance Testing
At last, the finish line is in sight! If you’ve built your product with compliance in mind from the beginning, these tests will be relatively painless — even if you have a complicated product that demands more complex testing.
Sometimes, though, a product may fail in a new way during testing. Most test houses are willing to work with you on this, but it’s better to try to get a sense of that before an issue arises during testing.
The worst-case scenario is a major re-design, but even minor re-designs necessitate performing the entire test suite again.
Filing
If you’ve reached this point, pat yourself on the back: You’ve passed your compliance tests and are ready to file.
You’ll need to provide paperwork that the test lab will use to complete its report. Even if your documentation is in order, the review board may still request some clarifications. Avoid incomplete paperwork if at all possible, because it’ll cause this final stage of the process to drag out.
Once you’ve successfully completed the filing process, you’ll receive a Declaration of Conformity (DoC) stating that your product passed all required tests and complies with necessary standards. You must complete your DoC before you can legally put any labeling with regulatory agency markings on your product.
Planning for Success With IoT Product Compliance
In the world of product certification, an ounce of prevention is worth a pound of cure.
While this guide isn’t comprehensive enough to cover every type of product testing and certification you might ever need to know about (that would probably require a book), this overview should provide you with enough high-level guidance to kickstart your next project the right way — with IoT product compliance in mind.